generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Use method rsa keygen first if FIPS mode if it is a FIPS method.

Browse Source
This commit is contained in:
Dr. Stephen Henson 2011-06-09 13:18:07 +00:00
parent 03e16611a3
commit cc30415d0c
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
crypto/rsa/rsa_gen.c
View File

@ -81,19 +81,19 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
{ {
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
if (FIPS_mode()) if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
{ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
if (rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb);
if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
{ {
RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD); RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD);
return 0; return 0;
} }
}
#endif #endif
if(rsa->meth->rsa_keygen) if(rsa->meth->rsa_keygen)
return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
#ifdef OPENSSL_FIPS
if (FIPS_mode())
return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb);
#endif
return rsa_builtin_keygen(rsa, bits, e_value, cb); return rsa_builtin_keygen(rsa, bits, e_value, cb);
} }